net.shibboleth.utilities.java.support.component.ComponentInitializationException Java Examples

public String handleSsoGetRequestBase(HttpRequest request) {
    try {

        HttpServletRequest httpServletRequest = new FakeHttpServletRequest(request);

        HTTPRedirectDeflateDecoder decoder = new HTTPRedirectDeflateDecoder();
        decoder.setParserPool(XMLObjectProviderRegistrySupport.getParserPool());
        decoder.setHttpServletRequest(httpServletRequest);
        decoder.initialize();
        decoder.decode();

        MessageContext<SAMLObject> messageContext = decoder.getMessageContext();

        if (!(messageContext.getMessage() instanceof AuthnRequest)) {
            throw new RuntimeException("Expected AuthnRequest; received: " + messageContext.getMessage());
        }

        AuthnRequest authnRequest = (AuthnRequest) messageContext.getMessage();

        return createSamlAuthResponse(authnRequest);
    } catch (URISyntaxException | ComponentInitializationException | MessageDecodingException e) {
        throw new RuntimeException(e);
    }
}
 

/**
 * Build single metadata resolver.
 *
 * @param metadataFilterChain the metadata filters chained together
 * @param resource the resource
 * @param document the xml document to parse
 * @return list of resolved metadata from resources.
 * @throws IOException the iO exception
 */
private List<MetadataResolver> buildSingleMetadataResolver(final MetadataFilter metadataFilterChain,
                                         final Resource resource, final Document document) throws IOException {
    final List<MetadataResolver> resolvers = new ArrayList<>();
    final Element metadataRoot = document.getDocumentElement();
    final DOMMetadataResolver metadataProvider = new DOMMetadataResolver(metadataRoot);

    metadataProvider.setParserPool(this.configBean.getParserPool());
    metadataProvider.setFailFastInitialization(true);
    metadataProvider.setRequireValidMetadata(this.requireValidMetadata);
    metadataProvider.setId(metadataProvider.getClass().getCanonicalName());
    if (metadataFilterChain != null) {
        metadataProvider.setMetadataFilter(metadataFilterChain);
    }
    logger.debug("Initializing metadata resolver for [{}]", resource.getURL());

    try {
        metadataProvider.initialize();
    } catch (final ComponentInitializationException ex) {
        logger.warn("Could not initialize metadata resolver. Resource will be ignored", ex);
    }
    resolvers.add(metadataProvider);
    return resolvers;
}
 

private AbstractReloadingMetadataResolver createMetadataResolver(final Settings settings, final Path configPath)
        throws Exception {
    final AbstractReloadingMetadataResolver metadataResolver;

    if (idpMetadataUrl != null) {
        metadataResolver = new SamlHTTPMetadataResolver(settings, configPath);
    } else {
        metadataResolver = new SamlFilesystemMetadataResolver(settings, configPath);
    }

    SecurityManager sm = System.getSecurityManager();

    if (sm != null) {
        sm.checkPermission(new SpecialPermission());
    }

    try {
        AccessController.doPrivileged(new PrivilegedExceptionAction<Void>() {
            @Override
            public Void run() throws ComponentInitializationException {
                metadataResolver.initialize();
                return null;
            }
        });
    } catch (PrivilegedActionException e) {
        if (e.getCause() instanceof ComponentInitializationException) {
            throw (ComponentInitializationException) e.getCause();
        } else {
            throw new RuntimeException(e.getCause());
        }
    }

    return metadataResolver;

}
 

private static BasicParserPool createDOMParser() throws SamlException {
  BasicParserPool basicParserPool = new BasicParserPool();
  try {
    basicParserPool.initialize();
  } catch (ComponentInitializationException e) {
    throw new SamlException("Failed to create an XML parser");
  }

  return basicParserPool;
}
 

private static DOMMetadataResolver createMetadataResolver(InputStream metadata)
    throws SamlException {
  try {
    BasicParserPool parser = createDOMParser();
    Document metadataDocument = parser.parse(metadata);
    DOMMetadataResolver resolver = new DOMMetadataResolver(metadataDocument.getDocumentElement());
    resolver.setId(
        "componentId"); // The resolver needs an ID for the initialization to go through.
    resolver.initialize();
    return resolver;
  } catch (ComponentInitializationException | XMLParserException ex) {
    throw new SamlException("Cannot load identity provider metadata", ex);
  }
}
 

@SuppressWarnings("unchecked")
public void handleSloGetRequestBase(HttpRequest request) {
    try {

        HttpServletRequest httpServletRequest = new FakeHttpServletRequest(request);

        HTTPRedirectDeflateDecoder decoder = new HTTPRedirectDeflateDecoder();
        decoder.setParserPool(XMLObjectProviderRegistrySupport.getParserPool());
        decoder.setHttpServletRequest(httpServletRequest);
        decoder.initialize();
        decoder.decode();

        MessageContext<SAMLObject> messageContext = decoder.getMessageContext();

        if (!(messageContext.getMessage() instanceof LogoutRequest)) {
            throw new RuntimeException("Expected LogoutRequest; received: " + messageContext.getMessage());
        }

        LogoutRequest logoutRequest = (LogoutRequest) messageContext.getMessage();

        SAML2HTTPRedirectDeflateSignatureSecurityHandler signatureSecurityHandler = new SAML2HTTPRedirectDeflateSignatureSecurityHandler();
        SignatureValidationParameters validationParams = new SignatureValidationParameters();
        SecurityParametersContext securityParametersContext = messageContext
                .getSubcontext(SecurityParametersContext.class, true);

        SAMLPeerEntityContext peerEntityContext = messageContext.getSubcontext(SAMLPeerEntityContext.class, true);
        peerEntityContext.setEntityId(idpEntityId);
        peerEntityContext.setRole(org.opensaml.saml.saml2.metadata.SPSSODescriptor.DEFAULT_ELEMENT_NAME);

        SAMLProtocolContext protocolContext = messageContext.getSubcontext(SAMLProtocolContext.class, true);
        protocolContext.setProtocol(SAMLConstants.SAML20P_NS);

        validationParams.setSignatureTrustEngine(buildSignatureTrustEngine(this.spSignatureCertificate));
        securityParametersContext.setSignatureValidationParameters(validationParams);
        signatureSecurityHandler.setHttpServletRequest(httpServletRequest);
        signatureSecurityHandler.initialize();
        signatureSecurityHandler.invoke(messageContext);

        if (!this.authenticateUser.equals(logoutRequest.getNameID().getValue())) {
            throw new RuntimeException("Unexpected NameID in LogoutRequest: " + logoutRequest);
        }

    } catch (URISyntaxException | ComponentInitializationException | MessageDecodingException
            | MessageHandlerException e) {
        throw new RuntimeException(e);
    }
}
 

@Before
public void setUp() throws ComponentInitializationException, KeyException {
    // Note: the private key and the encrypting credential need to be from the same keypair
    PrivateKey privateKey = new PrivateKeyStoreFactory().create(TestEntityIds.TEST_RP).getEncryptionPrivateKeys().get(0);
    KeyPair keyPair = new KeyPair(KeySupport.derivePublicKey(privateKey), privateKey);
    List<KeyPair>  keyPairs = asList(keyPair, keyPair);
    encryptionCredentialFactory = new TestCredentialFactory(TEST_RP_PUBLIC_ENCRYPTION_CERT, TEST_RP_PRIVATE_ENCRYPTION_KEY);
    testRpSigningCredential = new TestCredentialFactory(TEST_RP_PUBLIC_SIGNING_CERT, TEST_RP_PRIVATE_SIGNING_KEY).getSigningCredential();

    hubMetadataResolver = mock(MetadataResolver.class);

    ResponseFactory responseFactory = new ResponseFactory(keyPairs);
    DateTimeComparator dateTimeComparator = new DateTimeComparator(Duration.standardSeconds(5));
    TimeRestrictionValidator timeRestrictionValidator = new TimeRestrictionValidator(dateTimeComparator);

    SamlAssertionsSignatureValidator samlAssertionsSignatureValidator = mock(SamlAssertionsSignatureValidator.class);
    InstantValidator instantValidator = new InstantValidator(dateTimeComparator);
    SubjectValidator subjectValidator = new SubjectValidator(timeRestrictionValidator);
    ConditionsValidator conditionsValidator = new ConditionsValidator(timeRestrictionValidator, new AudienceRestrictionValidator());
    AssertionValidator assertionValidator = new AssertionValidator(instantValidator, subjectValidator, conditionsValidator);
    LevelOfAssuranceValidator levelOfAssuranceValidator = new LevelOfAssuranceValidator();
    MatchingAssertionTranslator msaAssertionService = new MatchingAssertionTranslator(assertionValidator, levelOfAssuranceValidator, samlAssertionsSignatureValidator);

    ExplicitKeySignatureTrustEngine signatureTrustEngine = new MetadataSignatureTrustEngineFactory().createSignatureTrustEngine(hubMetadataResolver);

    matchingResponseService = responseFactory.createMatchingResponseService(
        signatureTrustEngine,
        msaAssertionService,
        dateTimeComparator
    );

    eidasNonMatchingResponseService = responseFactory.createNonMatchingResponseService(
            signatureTrustEngine,
            mockAssertionTranslator,
            dateTimeComparator,
            mockUnsignedAssertionsResponseHandler
    );

    badlyConfiguredEidasNonMatchingResponseService = responseFactory.createNonMatchingResponseService(
            signatureTrustEngine,
            mockAssertionTranslator,
            dateTimeComparator,
            null
    );
}